The second week of 2026 continues to bring new cybersecurity issues that affect national security, public stability, business operations, and technology governance. Developments this week ranged from senior intelligence leadership appointments and nationwide internet shutdowns to data breaches, new cybercrime services, and regulatory pressure on generative AI platforms. Across regions and sectors, the incidents reflect how cyber risks now extend beyond technical environments into policy decisions, civil rights, financial systems, and public trust. Governments, enterprises, and technology providers faced challenges tied to resilience, accountability, and threat escalation, reinforcing cybersecurity's role as a strategic issue rather than a purely operational one.

The Cyber Express Weekly Roundup

X Tightens Grok AI Restrictions

X (previously Twitter) introduced new restrictions on its AI chatbot Grok to prevent the creation of nonconsensual sexualized images, including content that may constitute child sexual abuse material. Measures include blocking sexualized image edits of real people, limiting image generation to paid users, and applying geoblocking where such content is illegal. The changes follow widespread abuse reports and ongoing investigations by U.S. and European authorities.

NSA Appoints Timothy Kosiba as Deputy Director

The National Security Agency announced the appointment of Timothy Kosiba as its 21st Deputy Director, making him the agency's senior civilian official responsible for strategy execution, policy, and operational priorities. Kosiba brings more than 30 years of experience across the U.S. intelligence community, including senior roles at the NSA and U.S. Cyber Command, overseas liaison assignments, and leadership of major operational units.

Iran Enters Fourth Day of Nationwide Internet Blackout

Iran entered a fourth day of a nationwide internet blackout amid widespread unrest linked to the collapse of the rial, now trading at 1.4 million to the U.S. dollar. Authorities reduced national connectivity to approximately 1%, cutting off communications for more than 80 million people. Reports indicate thousands have been detained and hundreds killed since protests began, drawing international concern over censorship, human rights, and crisis communications.

Dr. Amit Chaubey Warns of Expanding "Business Blast Radius"

In an interview with The Cyber Express, Dr. Amit Chaubey said cyber incidents in 2026 are creating a broader "business blast radius," extending beyond IT into national resilience, legal exposure, operational continuity, and public trust. He identified failures in external dependencies, such as cloud services, identity systems, connectivity, and key suppliers, as the primary drivers of large-scale disruption, warning that many organizations remain unprepared for sustained degraded operations.

Endesa Data Breach Affects Energía XXI Customers

Spanish energy provider Endesa disclosed a data breach involving unauthorized access to its commercial platform, impacting customers of its regulated operator Energía XXI. Exposed data includes identification details, contact information, national identity numbers, contract data, and possible payment information such as IBANs. Endesa stated that account passwords were not compromised and reported no evidence of data misuse as investigations continue.

New Android Banking Malware deVixor Identified

Cyble researchers identified a new Android banking malware called deVixor, a remote access trojan combining credential theft, device surveillance, and ransomware functionality. Active since October, the malware targets Iranian users through phishing sites distributing malicious APKs and is operated as a service-based criminal platform using Telegram and Firebase infrastructure. Researchers noted the malware's scalability and long-term operational design.

Microsoft Disrupts RedVDS Cybercrime Platform

Microsoft announced the takedown of RedVDS, a cybercrime-as-a-service platform costing $24 per month that provided criminals with disposable virtual machines for fraud operations. In coordination with international law enforcement, Microsoft seized infrastructure linked to an estimated $40 million in reported U.S. fraud losses, with victims across healthcare, real estate, nonprofit, and other sectors. The action marks Microsoft's 35th civil case against cybercrime infrastructure.

Weekly Roundup Takeaway

This week's events highlight how cybersecurity in 2026 directly affects governance, economic stability, civil rights, and technology accountability. From intelligence leadership changes and state-imposed internet shutdowns to advanced malware, large-scale fraud platforms, and AI safety enforcement, cyber risks now demand coordinated action across policy, regulation, and operations rather than technical controls alone.
Poland narrowly avoided a nationwide power outage at the end of December after what senior officials have described as the most serious cyberattack on its energy infrastructure in years. The Poland cyberattack occurred during a period of severe winter weather, further complicating crisis management efforts.

In an interview on RMF FM, Minister of Digital Affairs Krzysztof Gawkowski warned that the threat was no longer hypothetical. "The digital tanks are already here," he said, referring to the growing use of cyber tools as weapons. According to Gawkowski, the Polish cyberattack was aimed directly at cutting off electricity to citizens in the final days of December. "We were very close to a blackout," he admitted. The situation was particularly challenging because the attacks coincided with harsh weather conditions, which further strained the energy system. Despite these factors, authorities managed to stabilize the network before power supplies were interrupted on a large scale.

Russian Sabotage and the Scale of the Poland Cyberattack

Krzysztof Gawkowski noted that the government views the incident as deliberate sabotage rather than a random hacking attempt. "Everything suggests that we are dealing with Russian sabotage, because it has to be called by its name, which was intended to destabilize the situation in Poland," he said during the RMF FM broadcast. He described the operation as the largest cyberattack on Poland's energy infrastructure in years, with a clear objective of triggering a blackout.

[Image: Krzysztof Gawkowski speaks on the Poland cyberattack (Source: RMF)]

While stressing the seriousness of the Poland cyberattack, Gawkowski also sought to reassure the public. "There is no need to panic," he said, adding that state institutions were well prepared to respond and had acted effectively to prevent the worst-case scenario.

Additional details were provided earlier by Energy Minister Miłosz Motyka, who said that hackers attempted to breach multiple electricity-producing facilities across the country. The targets included one combined heat and power plant as well as numerous individual renewable energy sources. Motyka described the incident as unprecedented in its coordination. "We have not experienced an attack like this before," he said. "For the first time, various locations were targeted simultaneously." According to the minister, the attack was successfully countered before it could cause lasting damage.

Strengthening Defenses Against Future Attacks

Motyka characterized the Poland cyberattack as "threatening" and fundamentally different from previous incidents. In response, he announced that Poland would step up investment in its energy infrastructure this year. The government plans to implement an "anti-blackout package" focused on modernization and stronger cybersecurity protections to better defend against similar attacks in the future.

The cyberattack on Poland is part of a wider trend affecting institutions and companies across the European Union. In recent years, cyber operations attributed to Russian state-sponsored actors have increasingly targeted critical infrastructure, often described as elements of hybrid warfare aimed at destabilizing the EU and disrupting Western support for Ukraine, accusations that Moscow has denied. Poland itself has faced a series of cyber incidents in recent months. In November, several attacks disrupted digital payment services, while a separate breach led to the leaking of customer login details from a Polish travel agency.

Political Fallout Amid Rising Cyber Risks

The broader implications of the Poland cyberattack have extended into the political arena. During his RMF FM interview, Krzysztof Gawkowski was asked whether technical problems that delayed the leadership election of the Poland 2050 party could also be linked to cyber activity. The vote was not resolved on Monday "for technical reasons," raising speculation about possible interference. Gawkowski said he had no direct knowledge connecting the issue to the wider cyberattack on Poland but confirmed that the matter had been reported to the Internal Security Agency. "There will be a review. I'm not ruling out any scenario," he said. He added that the party itself might have more information, noting, "The services will investigate, but what happened there? I don't know. This is definitely a problem for Poland 2050."

The minister also addressed other digital policy issues, including the president's veto of a digital bill over concerns about online censorship. Gawkowski said he was willing to meet with Karol Nawrocki to discuss the legislation, describing the veto as political in nature and criticizing the narrative that content removal automatically constitutes an attack on freedom of speech.
Elon Musk's social media platform X has announced a series of changes to its AI chatbot Grok, aiming to prevent the creation of nonconsensual sexualized images, including content that critics and authorities say amounts to child sexual abuse material (CSAM). The announcement was made Wednesday via X's official Safety account, following weeks of growing scrutiny over Grok AI's image-generation capabilities and reports of nonconsensual sexualized content.

X Reiterates Zero Tolerance Policy on CSAM and Nonconsensual Content

In its statement, X emphasized that it maintains "zero tolerance for any forms of child sexual exploitation, non-consensual nudity, and unwanted sexual content." The platform said it continues to remove high-priority violative content, including CSAM, and to take enforcement action against accounts that violate X's rules. Where required, accounts seeking child sexual exploitation material are reported to law enforcement authorities. The company acknowledged that the rapid evolution of generative AI presents industry-wide challenges and said it is actively working with users, partners, governing bodies, and other platforms to respond more quickly as new risks emerge.

Grok AI Image Generation Restrictions Expanded

As part of the update, X said it has implemented technological measures to restrict Grok AI from editing images of real people into revealing clothing, such as bikinis. These restrictions apply globally and affect all users, including paid subscribers. In a further change, image creation and image editing through the @Grok account are now limited to paid subscribers worldwide. X said this step adds an additional layer of accountability by helping ensure that users who attempt to abuse Grok in violation of laws or platform policies can be identified.

X also confirmed the introduction of geoblocking measures in certain jurisdictions. In regions where such content is illegal, users will no longer be able to generate images of real people in bikinis, underwear, or similar attire using Grok AI. Similar geoblocking controls are being rolled out for the standalone Grok app by xAI.

Announcement Follows Widespread Abuse Reports

The update comes amid a growing scandal involving Grok AI, after thousands of users were reported to have generated sexualized images of women and children using the tool. Numerous reports documented how users took publicly available images and used Grok to depict individuals in explicit or suggestive scenarios without their consent. Particular concern has centered on a feature known as "Spicy Mode," which xAI developed as part of Grok's image-generation system and promoted as a differentiator. Critics say the feature enabled large-scale abuse and contributed to the spread of nonconsensual intimate imagery. According to one analysis cited in media reports, more than half of the approximately 20,000 images generated by Grok over a recent holiday period depicted people in minimal clothing, with some images appearing to involve children.

U.S. and European Authorities Escalate Scrutiny

On January 14, 2026, ahead of X's announcement, California Attorney General Rob Bonta confirmed that his office had opened an investigation into xAI over the proliferation of nonconsensual sexually explicit material produced using Grok. In a statement, Bonta said reports describing the depiction of women and children in explicit situations were "shocking" and urged xAI to take immediate action. His office is examining whether and how xAI may have violated the law.

Regulatory pressure has also intensified internationally. The European Commission confirmed earlier this month that it is examining Grok's image-generation capabilities, particularly the creation of sexually explicit images involving minors. European officials have signaled that enforcement action is being considered.

App Store Pressure Adds to Challenges

On January 12, 2026, three U.S. senators urged Apple and Google to remove X and Grok from their app stores, arguing that Grok AI has repeatedly violated app store policies related to abusive and exploitative content. The lawmakers warned that app distribution platforms may also bear responsibility if such content continues.

Ongoing Oversight and Industry Implications

X said the latest changes do not alter its existing safety rules, which apply to all AI prompts and generated content, regardless of whether users are free or paid subscribers. The platform stated that its safety teams are working continuously to add safeguards, remove illegal content, suspend accounts where appropriate, and cooperate with authorities. As investigations continue across multiple jurisdictions, the Grok controversy is becoming a defining case in the broader debate over AI safety, accountability, and the protection of children and vulnerable individuals in the age of generative AI.
Germany and Israel have taken an important step toward deepening their long-standing security partnership by expanding cooperation in the field of cybersecurity. During a weekend visit to Jerusalem, German Interior Minister Alexander Dobrindt and Israeli Prime Minister Benjamin Netanyahu signed a new cyber and security pact aimed at reinforcing existing frameworks and addressing growing digital threats facing both countries.

The security relationship between Germany and Israel has been described by both sides as close, stable, and built on trust. In the area of cybersecurity in particular, cooperation has already reached an advanced level. Outside of NATO and the EU, Israel is considered Germany's most important security partner, a status that reflects Israel's technical expertise and operational experience in cyber defense.

Germany and Israel's Cybersecurity Plans

A central focus of the agreement is Germany's plan to develop what is known as the German Cyber Dome. The Federal Ministry of the Interior (BMI) is working to establish this system as a semi-automated framework capable of detecting, analyzing, and responding to cyberattacks in real time. Rather than being a single off-the-shelf product, the German Cyber Dome is designed as a comprehensive defense concept that integrates multiple tools, processes, and institutions to strengthen national cyber resilience.

Germany is looking to Israel's experience to support the development of the German Cyber Dome. During his visit, Interior Minister Dobrindt was given a virtual demonstration in Tel Aviv that showcased Israel's capabilities in cyber defense. Following the presentation, Dobrindt emphasized Germany's interest in learning from Israel's approach, stating, "We have a strong interest in learning how Israel built the Cyber Dome." The knowledge exchange is expected to benefit not only large-scale critical infrastructure operators but also small and medium-sized businesses, which are increasingly targeted by cybercriminals.

Under the terms of the pact, Germany and Israel agreed to exchange expertise and operational experience in defending against cyberattacks, jointly develop advanced cyber defense technologies, and promote collaborative research in the cyber domain. These efforts are intended to enhance early warning systems, improve coordinated responses, and strengthen overall digital security architectures. The cooperation complements Germany's commitments within NATO and the EU while recognizing Israel's unique role as a key partner outside those frameworks.

Broader Security Cooperation in the Middle East

Beyond cybersecurity, the visit also addressed broader security and stabilization efforts in the Middle East. To support a peaceful solution in the region, the German Federal Ministry of the Interior has deployed a high-level team of experts from the Federal Police to the US-led Office of the Security Coordinator for Israel and the Palestinian Authority (OSC). The German team is tasked with assisting local civilian security authorities in rebuilding and strengthening police and security forces. Germany is also contributing personnel to police missions conducted under the auspices of the EU, reinforcing its broader international engagement.

During his stay, Minister Dobrindt also held talks with Israeli Foreign Minister Gideon Sa'ar, further highlighting the political dimension of the visit. These discussions complemented the cyber and security agreement and reflected the wider scope of bilateral relations between Germany and Israel.

Prime Minister Benjamin Netanyahu addressed the significance of the agreement on Sunday, 11 January 2026. He stated, "I attach enormous importance to the overall cooperation between Israel and Germany, and especially Israel and Germany on this question of cybersecurity, which is one of the main threats to our internal security, and in many ways also our infrastructure and other threats." Netanyahu described Germany and Israel as "natural partners," pointing to past cooperation on defense projects such as Arrow III and ongoing technological collaboration.

Following the signing, Netanyahu added that the cyber defense agreement reflected the growing closeness between Israel and major powers such as Germany. He noted that many countries are seeking cooperation with Israel not only in security matters but also in economic fields, describing the agreement as another indication of Israel's rising international standing.
The Anchorage Police Department (APD) has taken action after being notified of a cybersecurity incident involving a third-party service provider, underscoring growing concerns around third-party cyber risks for local governments in the United States. APD, which serves the Municipality of Anchorage in Alaska, confirmed that the cybersecurity incident is linked to Whitebox Technologies, a data migration firm that supports multiple agencies nationwide. The department was alerted to the issue on January 7, 2026, while preparing for an internal software system upgrade. Whitebox Technologies has not publicly commented on the incident.

No Evidence of Data Compromise, Anchorage Police Department Says

According to the Anchorage Police Department, there is currently no evidence that its systems were compromised or that departmental data was accessed by threat actors. However, the department emphasized that precautionary measures were immediately implemented to reduce risk and protect sensitive information. In an official statement, APD said: "Currently, there is no evidence indicating that APD systems have been compromised or that any APD data has been acquired by the threat actor. However, as a precautionary measure, the department is actively monitoring the systems and implementing protective measures to safeguard information."

Anchorage, Alaska's largest city, is home to approximately 300,000 residents, making the protection of public safety data a critical priority for municipal authorities.

Immediate Actions Taken to Secure APD Systems

Following notification of the APD cybersecurity incident, the city's Information Technology Department (ITD) moved quickly to contain potential exposure. Officials confirmed that relevant APD servers were shut down, and access for the vendor and all associated third-party service providers was disabled. Additionally, ITD oversaw the deletion and removal of all remaining APD data from the third-party service provider's servers. APD has since initiated continued oversight of its internal systems and is closely monitoring for any unusual or suspicious activity. As part of its response, APD also notified employees via email on January 7, advising them to remain alert and report any irregular system behavior through established channels.

Investigation Ongoing, Notifications Promised if Needed

The third-party service provider is leading the investigation, with APD working closely alongside other municipal departments to oversee the response. Officials stated that this collaboration is focused on ensuring appropriate safeguards are in place and minimizing potential risks as the investigation continues. APD pledged that if it is determined that protected personal information was accessed during the incident, affected individuals will be notified in accordance with applicable requirements. The department declined to provide further details about the nature of the cyberattack and confirmed that the incident is not related to a recent 311 service outage experienced by the city.

Whitebox Technologies and Broader Third-Party Risks

APD noted that Whitebox Technologies works with multiple agencies nationwide. Information published on the company's website indicates it has provided services to municipalities in states including Washington, New Jersey, Oklahoma, and Maine. The APD cybersecurity incident reflects a broader trend in which attackers increasingly target third-party service providers as a pathway into government systems. These vendors often hold or process sensitive data, making them attractive targets for cybercriminals.

Recent Cyberattacks

The Anchorage incident comes amid a wave of cyberattacks affecting local government technology providers. In November 2025, Crisis24's OnSolve CodeRED emergency alert system was disrupted following a cyberattack claimed by the INC ransomware group. That incident impacted local governments across the U.S., with some user data potentially exposed, including names, addresses, email addresses, phone numbers, and passwords. Crisis24 has since announced plans to launch a new secure CodeRED system, prompting varying responses from municipalities relying on the platform.

While APD maintains that its systems remain secure, officials confirmed that monitoring will continue as the investigation progresses. The department stressed that protective measures remain in place to safeguard information and maintain public trust.
Brand, website, and corporate mailout impersonation is becoming an increasingly common technique used by cybercriminals. The World Intellectual Property Organization (WIPO) reported a spike in such incidents in 2025. While tech companies and consumer brands are the most frequent targets, every industry in every country is at risk. The only thing that changes is how the imposters exploit the fakes.

In practice, we typically see the following attack scenarios:

- Luring clients and customers to a fake website to harvest login credentials for the real online store, or to steal payment details for direct theft.
- Luring employees and business partners to a fake corporate login portal to acquire legitimate credentials for infiltrating the corporate network.
- Prompting clients and customers to contact the scammers under various pretexts: getting tech support, processing a refund, entering a prize giveaway, or claiming compensation for public events involving the brand. The goal is then to swindle the victims out of as much money as possible.
- Luring business partners and employees to specially crafted pages that mimic internal company systems, to get them to approve a payment or redirect a legitimate payment to the scammers.
- Prompting clients, business partners, and employees to download malware, most often an infostealer, disguised as corporate software from a fake company website.

The words "luring" and "prompting" here cover a whole toolbox of tactics: email, messages in chat apps, social media posts that look like official ads, lookalike websites promoted through SEO tools, and even paid ads.

These schemes all share two common features. First, the attackers exploit the organization's brand, and strive to mimic its official website, domain name, and corporate style of emails, ads, and social media posts. The forgery doesn't have to be flawless, just convincing enough for at least some business partners and customers. Second, while the organization and its online resources aren't targeted directly, the impact on them is still significant.

Business damage from brand impersonation

When fakes are crafted to target employees, an attack can lead to direct financial loss. An employee might be persuaded to transfer company funds, or their credentials could be used to steal confidential information or launch a ransomware attack. Attacks on customers don't typically cause direct damage to the company's coffers, but they cause substantial indirect harm in the following areas:

- Strain on customer support. Customers who "bought" a product on a fake site will likely bring their issues to the real customer support team. Convincing them that they never actually placed an order is tough, making each case a major time sink for multiple support agents.
- Reputational damage. Defrauded customers often blame the brand for failing to protect them from the scam, and also expect compensation. According to a European survey, around half of affected buyers expect payouts and may stop using the company's services, often sharing their negative experience on social media. This is especially damaging if the victims include public figures or anyone with a large following.
- Unplanned response costs. Depending on the specifics and scale of an attack, an affected company might need digital forensics and incident response (DFIR) services, as well as consultants specializing in consumer law, intellectual property, cybersecurity, and crisis PR.
- Increased insurance premiums. Companies that insure businesses against cyber-incidents factor in fallout from brand impersonation. An increased risk profile may be reflected in a higher premium for a business.
- Degraded website performance and rising ad costs. If criminals run paid ads using a brand's name, they siphon traffic away from its official site. Furthermore, if a company pays to advertise its site, the cost per click rises due to the increased competition. This is a particularly acute problem for IT companies selling online services, but it's also relevant for retail brands.
- Long-term metric decline. This includes drops in sales volume, market share, and market capitalization. These are all consequences of lost trust from customers and business partners following major incidents.

Does insurance cover the damage?

Popular cyber-risk insurance policies typically only cover costs directly tied to incidents explicitly defined in the policy: data loss, business interruption, IT system compromise, and the like. Fake domains and web pages don't directly damage a company's IT systems, so they're usually not covered by standard insurance. Reputational losses and the act of impersonation itself are separate insurance risks, requiring expanded coverage for this scenario specifically. Of the indirect losses listed above, standard insurance might cover DFIR expenses and, in some cases, extra customer support costs (if the situation is recognized as an insured event). Voluntary customer reimbursements, lost sales, and reputational damage are almost certainly not covered.

What to do if your company is attacked by clones

If you find out someone is using your brand's name for fraud, it makes sense to do the following:

- Send clear, straightforward notifications to your customers explaining what happened, what measures are being taken, and how to verify the authenticity of official websites, emails, and other communications.
- Create a simple "trust center" page listing your official domains, social media accounts, app store links, and support contacts. Make it easy to find and keep it updated.
- Monitor new registrations of social media pages and domain names that contain your brand names to spot the clones before an attack kicks off.
- Follow a takedown procedure. This involves gathering evidence, filing complaints with domain registrars, hosting providers, and social media administrators, then tracking the status until the fakes are fully removed. For a complete and accurate record of violations, preserve URLs, screenshots, metadata, and the date and time of discovery. Ideally, also examine the source code of fake pages, as it might contain clues pointing to other components of the criminal operation.
- Add a simple customer reporting form for suspicious sites or messages to your official website and/or branded app. This helps you learn about problems early.
- Coordinate activities between your legal, cybersecurity, and marketing teams. This ensures a consistent, unified, and effective response.

How to defend against brand impersonation attacks

While the open nature of the internet and the specifics of these attacks make preventing them outright impossible, a business can stay on top of new fakes and have the tools ready to fight back.

- Continuously monitor for suspicious public activity using specialized monitoring services. The most obvious indicator is the registration of domains similar to your brand name, but there are others, such as someone buying databases related to your organization on the dark web. Comprehensive monitoring of all platforms is best outsourced to a specialized service provider, such as Kaspersky Digital Footprint Intelligence (DFI).
- The quickest and simplest way to take down a fake website or social media profile is to file a trademark infringement complaint. Make sure your portfolio of registered trademarks is robust enough to file complaints under UDRP procedures before you need it. When you discover fakes, deploy UDRP procedures promptly to have the fake domains transferred or removed. For social media, follow the platform's specific infringement procedure, easily found by searching for "[social media name] trademark infringement" (for example, "LinkedIn trademark infringement"). Transferring the domain to the legitimate owner is preferred over deletion, as it prevents scammers from simply re-registering it. Many continuous monitoring services, such as Kaspersky Digital Footprint Intelligence, also offer a rapid takedown service, filing complaints on the protected brand's behalf.
- Act quickly to block fake domains on your corporate systems (DNS filtering, mail gateway, web proxy). This won't protect partners or customers, but it'll throw a wrench into attacks targeting your own employees.
- Consider proactively registering your company's website name and common variations (for example, with and without hyphens) in all major top-level domains, such as .com, and local extensions. This helps protect partners and customers from common typos and simple copycat sites.
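The monitoring and defensive-registration steps above (watching new registrations for lookalike labels, and registering the brand with and without hyphens across TLDs) can be prototyped in a few dozen lines. The following is an added worked example written for this page; it is not code from the original post and not a Kaspersky product. It assumes a hypothetical brand label acme-shop, a hypothetical trust-center list of official domains, and a constructed feed of "new registrations"; the homoglyph table and TLD list are illustrative choices, not a standard.

```python
# Brand-lookalike domain triage (added example; all names below are hypothetical).
BRAND_LABEL = "acme-shop"                             # second-level label of the brand
OFFICIAL_DOMAINS = {"acme-shop.com", "acme-shop.de"}  # hypothetical trust-center list
TLDS = ("com", "net", "org", "co", "io", "shop")      # TLDs worth registering defensively

# Visual substitutions commonly abused in lookalike names (illustrative subset).
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv"}

# Constructed sample feed of newly registered domains (not real registrations).
NEW_REGISTRATIONS = [
    "acme-shop.com",         # our own domain
    "acmeshop.com",          # hyphen dropped
    "acme-sh0p.net",         # homoglyph: o -> 0
    "acme-shpo.com",         # adjacent characters swapped
    "acme-shop-support.co",  # brand embedded in a longer label
    "acme-shop.io",          # exact brand on a TLD we do not own
    "weatherdaily.org",      # unrelated
]


def lookalike_labels(label: str) -> set[str]:
    """One-edit variants of a label: omission, transposition, homoglyph, hyphen in/out."""
    variants = set()
    for i in range(len(label)):                       # drop one character
        variants.add(label[:i] + label[i + 1:])
    for i in range(len(label) - 1):                   # swap two neighbours
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i, ch in enumerate(label):                    # substitute one homoglyph
        if ch in HOMOGLYPHS:
            variants.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])
    for i in range(1, len(label)):                    # insert a hyphen
        if label[i - 1] != "-" and label[i] != "-":
            variants.add(label[:i] + "-" + label[i:])
    variants.add(label.replace("-", ""))              # remove all hyphens
    variants.discard(label)
    return variants


def defensive_registrations(label: str) -> list[str]:
    """Names worth registering proactively: brand with and without hyphens, across TLDS."""
    labels = {label, label.replace("-", "")}
    return sorted(f"{lab}.{tld}" for lab in labels for tld in TLDS)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches two-edit variants the generator does not enumerate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, brand: str = BRAND_LABEL, official=OFFICIAL_DOMAINS):
    """Return why a domain resembles the brand, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if domain in official:
        return "official"
    label = domain.rpartition(".")[0] or domain       # strip the TLD
    if label == brand:
        return "brand-other-tld"
    if label in lookalike_labels(brand):
        return "lookalike"
    if brand in label or brand.replace("-", "") in label:
        return "contains-brand"
    if levenshtein(label, brand) <= 2:
        return "near-match"
    return None


def triage_feed(feed, brand: str = BRAND_LABEL, official=OFFICIAL_DOMAINS):
    """Keep only the registrations that warrant a takedown review."""
    flagged = []
    for domain in feed:
        reason = classify(domain, brand, official)
        if reason not in (None, "official"):
            flagged.append((domain, reason))
    return flagged


if __name__ == "__main__":
    for domain, reason in triage_feed(NEW_REGISTRATIONS):
        print(f"{domain:24} {reason}")
    print("register defensively:", defensive_registrations(BRAND_LABEL))
```

In practice the feed would come from a zone-file or certificate-transparency watcher rather than a hard-coded list, and the flagged entries would be fed into the evidence-gathering step of the takedown procedure (URL, screenshot, timestamp) rather than printed.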
Pacific Northwest National Laboratory's expert cybersecurity system, ALOHA, can recreate attacks and test them against organizations' infrastructure to bolster defense.
The operator of a cybercrime forum account known as "r1z" could spend up to 10 years in prison after pleading guilty to selling malware built to break into corporate networks.
Black Basta has been active since at least early 2022 and is believed to be responsible for extorting hundreds of companies, hospitals and public institutions worldwide — including Swiss industrial giant ABB and U.S. healthcare provider Ascension — causing hundreds of millions of dollars in estimated damages.
The nongovernmental Canadian Investment Regulatory Organization, which oversees the country's debt and equity marketplaces as well as some financial institutions, released details about an August 2025 data breach.
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686. The vulnerability, tracked as CVE-2025-20393 (CVSS
You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media. But what about the information about you that’s already out there—without your permission? Your name. Home address. Phone number. Past jobs. Family members. Old usernames. It’s all still online, and it’s a lot easier to find than you think. The hidden safety threat lurking online Most
Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive ("US now deciding what's next for Venezuela.zip")
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted by threat actors from the region.
The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. "The actor creates a malformed archive as an anti-analysis technique," Expel security researcher Aaron Walton said in a report shared with The Hacker News. "That is, many unarchiving tools
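The anti-analysis trick described above relies on how ZIP readers find the archive index: the End of Central Directory (EOCD) record is located by scanning backwards from the end of the file, so a reader such as Python's zipfile module sees only the last archive in a concatenated chain, while other tools may stop at the first. The following added example (written for this page, not code from Expel or from the GootLoader campaign) builds a constructed three-archive chain, shows what zipfile reports, and then splits the blob at every EOCD record to enumerate all members. The file names and payload bytes are made up; the real campaign chains hundreds of archives, but three are enough to show the effect.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory record signature
EOCD_FIXED_LEN = 22        # fixed-size part of the EOCD; an optional comment follows
EOCD_COMMENT_LEN_OFF = 20  # offset of the 2-byte comment length inside the EOCD


def build_zip(name: str, payload: bytes) -> bytes:
    """Build a single-entry, uncompressed ZIP archive in memory (constructed sample).

    ZIP_STORED keeps the payload verbatim, so no stray 'PK' signatures appear.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def concatenated_sample() -> bytes:
    """Three complete archives glued back to back (constructed, not a real sample)."""
    return b"".join([
        build_zip("readme_1.txt", b"decoy one"),
        build_zip("readme_2.txt", b"decoy two"),
        build_zip("agreement.js", b"// hypothetical placeholder text, not malware"),
    ])


def entries_seen_by_zipfile(data: bytes) -> list[str]:
    """What Python's zipfile reports: it locates the EOCD from the end of the file,
    so only the LAST archive in the chain is visible; everything before it is ignored."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def count_eocd_records(data: bytes) -> int:
    """Count EOCD signatures in the blob; a well-formed archive has exactly one."""
    count, pos = 0, data.find(EOCD_SIG)
    while pos != -1:
        count += 1
        pos = data.find(EOCD_SIG, pos + len(EOCD_SIG))
    return count


def split_concatenated(data: bytes) -> list[bytes]:
    """Slice a chained blob into member archives, each ending after its EOCD + comment.

    Caveat: the signature can in theory occur inside compressed data, so a
    production scanner should validate each slice (as entries_in_all_archives does)
    rather than trust the split blindly.
    """
    parts, start = [], 0
    pos = data.find(EOCD_SIG)
    while pos != -1:
        comment_len = struct.unpack_from("<H", data, pos + EOCD_COMMENT_LEN_OFF)[0]
        end = pos + EOCD_FIXED_LEN + comment_len
        parts.append(data[start:end])
        start = end
        pos = data.find(EOCD_SIG, end)
    if start < len(data):
        parts.append(data[start:])  # trailing bytes without an EOCD: keep for inspection
    return parts


def entries_in_all_archives(data: bytes) -> list[list[str]]:
    """Name list for every member archive, in file order; invalid slices yield []."""
    result = []
    for part in split_concatenated(data):
        try:
            with zipfile.ZipFile(io.BytesIO(part)) as zf:
                result.append(zf.namelist())
        except zipfile.BadZipFile:
            result.append([])
    return result


if __name__ == "__main__":
    blob = concatenated_sample()
    print("zipfile sees:   ", entries_seen_by_zipfile(blob))
    print("EOCD records:   ", count_eocd_records(blob))
    print("all members:    ", entries_in_all_archives(blob))
```

A detection rule built on this is simply "more than one EOCD record in a ZIP attachment"; the per-slice parse then tells an analyst which member carries the script payload even when the sandbox's unarchiver only ever showed the first or last one.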
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts. "The extensions work in concert to steal authentication tokens, block incident response capabilities, and enable complete account
The business social networking site is a vast, publicly accessible database of corporate information. Don’t believe everyone on the site is who they say they are.